Kesselb

**Name of the Vulnerable Software and Affected Versions** Nextcloud User OIDC app versions prior to 6.1.0 **Description** A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. This issue is related to the user oidc app, an OpenID Connect user backend for Nextcloud. **Recommendations** For Nextcloud User OIDC app versions prior to 6.1.0, upgrade to version 6.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud mail versions prior to 1.12.2 **Description** The issue concerns missing user account ownership checks when performing tasks related to mail attachments in Nextcloud mail, potentially exposing attachments to incorrect system users. **Recommendations** For versions prior to 1.12.2, upgrade the Nextcloud Mail app to 1.12.2, as there are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Mail versions prior to 1.9.5 **Description** The issue is related to improper access control due to a missing permission check. This allows other authenticated users to create mail aliases for other users. **Recommendations** For versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Mail versions prior to 1.4.3 Nextcloud Mail versions prior to 1.8.2 **Description** A missing permission check in Nextcloud Mail allows another authenticated user to access mail metadata of other users. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue.